Spyware Gangs Merging, Planning 'Supertrojan' Malware

Security experts warn that a new "supertrojan" is lurking in the cyber shadows, which may make ordinary viruses seem as harmless as the common cold.

The two most forbidding pieces of spyware on the Net have James Bond-worthy names: SpyEye and ZeuS. Once competing tools for cybercrooks, now they’re teaming up to form a hybrid being hailed as SpyZeuS -- and security analysts warn companies and users to be on their guard.

"Conventional security solutions will find it hard to detect and handle this type of new threat," wrote fraud expert Aviv Raff on his blog.

Shouldn’t rival gangs of cut-throat badware makers be enemies? Not so, experts tell FoxNews.com: According to those in the security realm, building Trojan horse software that steals users’ banking information is a business just like any other.

Indeed, the merger is comparable to the dealings of the banks and companies they target.

“The underground malware world functions essentially as a business,” Alex Cox, principal research analyst at network-security firm NetWitness, told FoxNews.com. “So just like in big business, it’s normal for those with a well-known product to have competitors, as well as make big mergers such as this.”

In other words, a major business merger is underway -- and those profiting from the deal may be drawing from your bank accounts.

ZeuS is considered king of the botnets, having been used to hack the websites of such reputable groups as Bank of America, NASA, and Amazon. SpyEye surfaced last year, with many assuming it would become the next ZeuS -- and now in a way, it has.

The security industry had suspected since October that the criminal masterminds behind ZeuS were abandoning their creation and sending the leftover code to the creators of SpyEye. And now traces of the updated Trojan are popping up, as its authors have been shipping out beta releases of SpyZeuS almost daily.

The evolution of these infamous malware tools has those tracking the criminals calling for banks and companies to evolve along with them.

“It’s all about understanding the way your network works, such as the amount and kind of traffic that is going through your system,” Cox told FoxNews.com. “Detection used to be primarily signature-based” -- a technique that involves finding a trait common to copies of the malicious software and detecting them by looking for that signature.

“But bad guys have gotten too good at bypassing those signature-based detection systems,” Cox said. “We’re trying to push the move to more behavioral-based detection.”

Threat-alert service Seculert has included some screenshots of the administrative panel of SpyZeuS on its blog. The shots reveal the authors of the hybrid malware trying to cater to users of both Trojans. Seculert co-founder and CTO Aviv Raff thinks that it is important for the public to be aware and alert.

“Before the merge, these were the only two important Trojans in the cybercrime world,” Raff told FoxNews.com. “But we felt this was newsworthy because there will probably be new rivals out ... we’re already seeing new faces and new families of this type of malware.”

And for the average consumer, there are simple detection techniques that can help those hoping to fend off cyber criminals.

“Just be aware,” Cox told FoxNews.com. “There should always be a red flag when you’re using a computer at home and you are asked for something that your login doesn’t normally ask you for. That should give you a heads up that something’s awry.”